Re: In regards to the insecurity of AOL Instant Messenger

From: Nick Lange (nicklangeat_private)
Date: Tue Aug 06 2002 - 10:31:55 PDT

Next message: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"

Previous message: Alex Lambert: "Re: ssh trojaned"
Next in thread: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"
Reply: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"
Reply: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Trillian allows SSL over AIM protocol [or did allow in .72, haven't checked
the RC1 release yet].
lICQ allowed SSL over ICQ as well...
so it's there if you're willing to use alternative clients, but most people
don't.
nick
----- Original Message -----
From: "Alex Lambert" <alambertat_private>
To: "Adam Carr" <itsacarrat_private>; <vuln-devat_private>
Sent: Tuesday, August 06, 2002 11:15 AM
Subject: Re: In regards to the insecurity of AOL Instant Messenger


> > Now my question, is how secure are normal "ims" on AIM. How difficult =
> > would it be to listen to anothers msgs and if at all possible, how could
=
> > this be fixed.=20
>
>        "msgsnarf  records  selected messages from AOL Instant Mes-
>        senger, ICQ 2000, IRC, MSN Messenger, or  Yahoo  Messenger
>        chat sessions." (msgsnarf(8) manpage)
>
> AFAIK, none of the above protocols are usually encrypted. dsniff
> (http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz) can pick them
up.
>
>
>
> apl
> ----- Original Message -----
> From: "Adam Carr" <itsacarrat_private>
> To: <vuln-devat_private>
> Sent: Monday, August 05, 2002 5:58 PM
> Subject: In regards to the insecurity of AOL Instant Messenger
>
>
> > After seeing the recent emails about the hide windows while away =
> > function while I don't quite understand that as a security threat this =
> > does remind me of other insecurities of AIM and some questions I had as
=
> > well.
> >
> > The first threat to AIM users that I am aware of and have tested myself
=
> > is under Direct Connects with another user. With a targets ip, it is not
=
> > difficult at all to intercept the dcc's messages and to input your own.
=
> > Quite frightening. A simple fix is to change the port which AIM direct =
> > connects on. Seeing as how my explanations are not that great I invite =
> > anyone else who is aware of this to explain that flaw in AIM.
> >
> > Now my question, is how secure are normal "ims" on AIM. How difficult =
> > would it be to listen to anothers msgs and if at all possible, how could
=
> > this be fixed.=20
> >
> > I know AIM has\had it's share of other vulnerabilities so please speak =
> > up if you know of any. Thanks ...
> >
> > Cheers ...
> > Adam
> >
> >
> >
> >
> >
>

Next message: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"
Previous message: Alex Lambert: "Re: ssh trojaned"
Next in thread: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"
Reply: moksha faced: "Re: In regards to the insecurity of AOL Instant Messenger"
Reply: Alex Lambert: "Re: In regards to the insecurity of AOL Instant Messenger"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 06 2002 - 10:41:40 PDT